In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2022-03-04T15:50:06
Updated: 2024-08-03T03:28:42.597Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22946
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-04T16:15:10.377
Modified: 2024-11-21T06:47:39.557
Link: CVE-2022-22946
Redhat
No data.